[squid-users] carole lerouge

http://unicontac.com/david.html

Re: [squid-users] Terminal Server Users

I have a client that uses a TS farm as well. If they are using AD and everything is working, you can: 1. Create an AD group called limited-Inet 2. Put the users you want to be restricted in that group 3. Add this to your squid.conf acl our_networks src 192.168.0.0/16 acl NTLMUsers proxy_auth

Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY

they all get IE).. so I can see how this would be an issue. - Original Message From: Chris Nighswonger <[EMAIL PROTECTED]> To: Amos Jeffries <[EMAIL PROTECTED]> Cc: nairb rotsak <[EMAIL PROTECTED]>; matlor <[EMAIL PROTECTED]>; squid-users@squid-cache.org Sent: Sa

Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY

ly thanks in advance nairb rotsak wrote: > > Always forget to hit the 'reply to all' instead of the 'reply'.. sorry.. > below is what I sent Chris: > > Below is for w2k3 AD and Ubuntu 6.06.1: > > auth_param ntlm program /usr/bin/ntlm_auth > -

Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY

ing iPrism/Barracuda/Websense.. but now I figure I will just let them spend the money.. ;-) - Original Message From: Chris Nighswonger <[EMAIL PROTECTED]> To: nairb rotsak <[EMAIL PROTECTED]> Cc: matlor <[EMAIL PROTECTED]>; squid-users@squid-cache.org Sent: Wednesday, O

Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY

I am totally confused by this statement?.. as I have 300 people using firefox right now.. using Ubuntu 6.06, Samba3, Squid2.. and not a single one gets a user/pass prompt? I am not using it as a transparent proxy, it is listed in firefox under proxy settings (8080 because it goes to DG first..

Re: [squid-users] if this is posted somewhere.. please tell me where to go... AD groups

Chris, this works great! One note to anyone trying it... if you have 'winbind separator = \' in your smb.conf, this works.. but it does matter. I banged my head on this for about 15 minutes and then change my auth-param line to read --require-membership-of="our_ad_domain+proxyusers_group".. be

Re: [squid-users] if this is posted somewhere.. please tell me where to go... AD groups

Fantastic! I will try this in the morning! Thanks Chris! This is exactly what I was looking for! - Original Message From: chris brain <[EMAIL PROTECTED]> To: squid-users@squid-cache.org Sent: Thursday, August 21, 2008 10:26:15 PM Subject: Re: [squid-users] if this is posted somewher

Re: [squid-users] if this is posted somewhere.. please tell me where to go... AD groups

inal Message From: Henrik Nordstrom <[EMAIL PROTECTED]> To: nairb rotsak <[EMAIL PROTECTED]> Cc: squid-users@squid-cache.org Sent: Wednesday, August 20, 2008 5:44:48 PM Subject: Re: [squid-users] if this is posted somewhere.. please tell me where to go... AD groups On ons, 2008

[squid-users] if this is posted somewhere.. please tell me where to go... AD groups

Hello all, I have squid 2.5STABLE12 running on an Ubuntu 6.06 box. I have it joined to an AD domain and it works great. I want to add a group in AD that allows Inet use. If they aren't in that group, they can't get out. I would like it to stay seamless.. no login box. This is not a trans

Re: [squid-users] NTLM-transparent?

ROTECTED]> To: Henrik Nordstrom <[EMAIL PROTECTED]>; nairb rotsak <[EMAIL PROTECTED]> Cc: "squid-users@squid-cache.org" Sent: Sunday, June 29, 2008 6:01:53 PM Subject: RE: [squid-users] NTLM-transparent? We do NTLM auth with squid setup transparently. We get all the names an

[squid-users] NTLM-transparent?

Hello all, I am replacing a St. Bernard iPrism. I know it runs squid (the client got tired of paying for it and once I told them it just runs squid anyway, they jumped at the chance for a little more control). I am used to running Squid/Dansguardian/Samba with ntlm auth. But I have always us

[squid-users] no access.log

Hello all, I have a squid installation running on Ubuntu 7.04. That version of squid is 2.6.5. I have ntlm-help and am using it with Dansguardian. It all works, but when someone complained of being blocked by something they should not have, I naturally went to /var/log/squid/access.log. Onl

[squid-users] block on browser type?

Hello all, I searched and couldn't find a way to do this. We are trying to block IE 7. We have citrix farms set up with IE 6, Squid and Dansguardian. There are a few rogue people (think political here.. we can just lock down anything not coming from the Squid box) that believe they are fairl

[squid-users] yahoo and hotmail not going through squid after authenticate?

Thanks to this group, we have our new server (not the test pc we have been testing with) up and running with Squid/Samba/DG. Proof to anyone that after 100 times of building it, it can be done in an hour! We even have groups working with the dansguardianfX.conf files! What a great thing to hand

[squid-users] yahoo mail, squid, ie, firefox and ntlm

Finally figured this one out and wanted to share... We block all outbound 80 traffic not coming from squid (and the server vlan.. ok, and the admin vlan ;-) when you type in mail.yahoo.com, you actually get redirected to login.yahoo.akadns.net. Going through squid w/ntlm, this works just fine on

[squid-users] ntlm, firefox & IE

Using AD to push a group policy forcing users to use squid. We had to put *.yahoo.com in the 'don't go to the proxy' window because of all kinds of issues. Some other sites, too. This worked for about a week. Now, IE users are starting to not be able to get to mail.yahoo.com again?? This mig

Re: [squid-users] no auth for one domain?

We ended up using AD Group policy to not go through the proxy for that site... not ideal, but just to make sure I understand the other way to do it You can put the http_access with the acl before the http_access allow_ntlm and it should work? --- Mark Elsen <[EMAIL PROTECTED]> wrote: > > Is

[squid-users] no auth for one domain?

Is it possible to have my ntlm users go around 1 domain? We can't seem to get a state web site (which uses a weird front end to it's client... but it ends up on the web) to go through the proxy. When we sniff the traffic locally, it is popping up a 407, but their isn't anyway to log in. I tried

[squid-users] certain port should go direct

I have an issue where a certain app is talking on a port that appaprently doesn't like squid (State of Illinois app... so I won't say anything more about the app ;-) I have the following in my squid.conf.. but it doesn't seem to work. I have another one just like it.. and it works fine?? Here is

[squid-users] 4th time a charm?

I have followed this to a "T". I can authenticate just fine with samba stuff.. all getent stuff.. all wbinfo stuff. But I still get 407's in my squid access.log (I am getting a prompt for username/password). No username and password combo works. Is there anyw

[squid-users] ./ntlm-auth works, but not with helper protocol

So I started over after making my customer happy with squid and DG, but they want to log names (Terminal Server environment). I have setup all of the samba stuff and it all works. I have set up the authentication part of squid and it doesn't. If I use: ./ntlm-auth --username=test1, it asks for

[squid-users] all wbinfo stuff works.. now I can't get --helper to work

Hello, When I type this: /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp per : http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#winbind I am getting nothing, until I hit another key and it says ERR each time I hit a key until I CTRL-C. All of my wbinfo stuff works... I know I am suppose

[squid-users] squid and DG

Ok, Squid is cacheing and DG is blocking... I have seen a post or two about putting them on different boxes so you can get 'per user' logging. I have also seen that having DG on the same Squid box causes squid logs to only show loopback. Am I missing something or is there a way around this? Than

[squid-users] citrix users behind squid

I have looked in past posts and I think my question is answered, but since we are dumping websense and going with Squid (based on what we think we already know), I wanted to be sure. We use websense now, but because 80% of our users are citrix users, we have had to implement an isa server that r